Internal Port Sweep Explaination.
Created: 20 Jun 2011 | 4 comments
My name is Thomas Moore and I new to Symantec and I am new to Symantec. Can you explain this to me
Internal IP address 12.345.67.89 has attempted to connect to port 80 on at least 10 different hosts within 300 seconds.
What does this mean and how to go by that?? Thanks in advance.
Discussion Filed Under:
Comments 4 Comments • Jump to latest comment
What is the role of 12.345.67.89? Are there any shared applications being used from that client? If not, that system (12.345.67.89) may be infected and is trying to spread a worm.
Make sure that system has the latest definitions and run a full scan in Safe-mode. make sure that the OS is up to date and all security patches are installed.You might want to go to that client and run the Power Eraser or SERT utility to check for infection.
PE - http://www.symantec.com/business/support/index?pag...
SERT - http://www.symantec.com/business/support/index?pag...
Ooyala Community Manager - Take our Video Poll
Dear Thomas,
I think it should be a a confirmed malware infection. Because 12. is an Internet IP address of a reputed brand (as illustrated in the attachment). The malware is supposedly involving in a IP-spoofing.
thomasmore23, I guess I need glasses, because I missed the fact that that IP address is invalid. Have you run the tools suggested to scan for malware?
Ooyala Community Manager - Take our Video Poll
Yes the Symantec Power Eraser
_____________________________
Thomas Moo
Would you like to reply?
Login or Register to post your comment.